Most Americans expect the Fourth Amendment — which protects individuals from illegal searches — to extend to their digital lives.
In general, this expectation matches reality: unless law enforcement comes knocking with a warrant, the government cannot search a person’s phone or computer. However, cars are treated differently, and as “connected cars” become increasingly linked to people’s digital identities, there is a risk that police will use this exception to conduct digital searches without warrants.
Congress should close this loophole.
The Fourth Amendment is the cornerstone of people’s right to privacy and freedom from government intrusion in the United States. It requires the government to get a warrant based on probable cause before conducting a search and seizure of personal property.
The Supreme Court has found these protections important enough to update them for the digital world. For example, the court has extended warrant protections to cell phones and vehicle GPS tracking, and it is currently reviewing whether law enforcement officials should be required to get a warrant to obtain cellphone location information from wireless carriers.
However, there has been a long-standing exception for vehicles in the Fourth Amendment: law enforcement officials can stop and search a vehicle based on probable cause without having to get a warrant from a judge.
For example, police officers can stop a vehicle for a routine traffic violation, and search it on the spot if the officers have probable cause that they will find contraband or the evidence of a crime. This lower standard for government searches makes sense in a physical world, where vehicles can only hold so much information and drivers can easily drive away to dispose of evidence.
But cars are changing, both in term of the amount and sensitivity of the information they can hold. Next-generation vehicles generate gigabytes of data while driving, enabling a host of new applications that enhance convenience, safety, and efficiency for drivers.
When this information can be accessed either through a display interface in the car or programmatically through an on-board computer, law enforcement could gain access to a significant amount of data about drivers without a warrant. For example, police could access in-car apps that contain sensitive information, such as navigation apps that contain travel history, social media apps that store messages and other personal information, and payment apps that contain information about past purchases.
While some of these applications require passwords, many only do so when the driver first logs in. Therefore, they would likely be unlocked when police pull over a driver.
In addition, many drivers may be intimidated into revealing their passwords during a stop, as has happened to travelers forced to unlock their phones at border crossings.
Finally, police could retrieve information stored in an on-board computer which may collect and store a variety of potentially sensitive information about drivers, including their driving behavior. Already, some police use special devices designed to circumvent built-in security measures on citizens’ phones and quickly copy their contents — similar devices could be designed for cars.
Despite these potential risks, a car’s ability to collect information is not inherently privacy-invasive. And importantly, the automotive industry has taken pains to protect consumer privacy. For example, automakers made a series of public commitments in 2014 to establish strict privacy standards for data collected from vehicles, promising not to share consumer information with other businesses without affirmative consent — a standard that is higher than those found in other industries.
However, the auto industry cannot change the laws on digital searches. Policymakers should close this loophole to protect both citizens’ rights and support for technological progress. Congress has previously acted to close loopholes created by technological change.
For example, the Electronic Communications Privacy Act (ECPA), which limits how law enforcement can access digital information has different legal standards for obtaining email stored on a PC and email stored in the cloud. As cloud computing adoption has grown, Congress has worked to pass a legislative fix.
Just as Congress has been working to close the loophole for cloud computing, it should close the loophole created by the convergence of digital technology with vehicles. Congress should require law enforcement officials to obtain a warrant before they can access data from a vehicle.
Congress can do this while maintaining the vehicle exception for physical searches and maintaining law enforcement’s access to data held by third parties, such as automakers or wireless providers, through warrants or other lawful processes.
By upholding citizen privacy, Congress can ensure a smooth road ahead for vehicles of the future.